Denial-of-Service problem in BitDefender's enterprise scanners
BitDefender has closed a format string vulnerability in its virus scanners for enterprise networks. At a minimum, attackers could exploit the flaw for denial-of-service attacks. The vulnerability affects version 8.02 of BitDefender's Client Professional Plus. The vendor is distributing a fixed version of the software via the automatic update service.
The flaw is a format string vulnerability in the routines that write log files for the virus scanner's searches. Attackers could use specially prepared values in the scan settings to read and write arbitrary areas of memory, causing the scanner to crash at the very least. Administrators of BitDefender solutions are advised to update their software immediately if this has not already happened automatically.
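The pattern behind a log-writing format string bug, beside its hardened form, as an added illustration that is not BitDefender's code. The log layout, field names and the "scan label" setting are constructed for the example.

```c
/* Added example (not BitDefender's code): a scanner log routine that formats an
 * attacker-influenced setting, shown in its hardened form.  Field names and the
 * "scan label" setting are constructed for illustration. */
#include <stdio.h>
#include <string.h>

#define LOG_LINE_MAX 256

/* The flawed pattern looks like this (not compiled here):
 *
 *     snprintf(out, cap, label);      // setting used AS the format string
 *
 * Every '%' directive inside the setting is then interpreted by the formatter,
 * so a label such as "%x%x%s" makes the logger read memory it never meant to
 * touch, and the scanner crashes.  GCC/Clang flag this with -Wformat-security. */

/* Hardened form: the format string is a fixed literal and the untrusted value
 * is only ever a %s argument, so its '%' characters are copied, not executed. */
static int write_log_line_safe(char *out, size_t cap, const char *label,
                               const char *path, const char *verdict)
{
    return snprintf(out, cap, "[scan] label=%s path=%s verdict=%s",
                    label, path, verdict);
}

/* Defence-in-depth check a settings parser can apply: a '%' has no legitimate
 * use in a label, so its presence is worth rejecting or logging as an alert. */
static int has_format_directive(const char *setting)
{
    return strchr(setting, '%') != NULL;
}

/* Returns 1 if the label reaches the log verbatim (directives unexpanded). */
static int log_preserves_literal(const char *label)
{
    char line[LOG_LINE_MAX];
    write_log_line_safe(line, sizeof line, label, "a.exe", "clean");
    return strstr(line, label) != NULL;
}

int main(void)
{
    const char *hostile_label = "%x%x%s";   /* constructed sample setting */
    char line[LOG_LINE_MAX];

    write_log_line_safe(line, sizeof line, hostile_label, "a.exe", "clean");
    printf("%s\n", line);                   /* directives appear literally */
    printf("flagged=%d\n", has_format_directive(hostile_label));
    return 0;
}
```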
- BitDefender Client 8.02 Format String Vulnerability, security advisory from Layered Defense Research at Full Disclosure
- Format string vulnerability, Bitdefender's security advisory